Page 90 of 574 results (0.009 seconds)

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. GitLab versiones anteriores a 11.5.1, 11.4.8 y 11.3.11, no envían un correo electrónico a la dirección de correo electrónico anterior cuando es realizado un cambio de dirección de correo electrónico. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/39809 • CWE-20: Improper Input Validation •

CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 2

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. CE/EE, versiones 8.18 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, son susceptibles a una vulnerabilidad de tipo SSRF en los webhooks. • https://www.exploit-db.com/exploits/49334 https://www.exploit-db.com/exploits/49257 http://packetstormsecurity.com/files/160516/GitLab-11.4.7-Remote-Code-Execution.html http://packetstormsecurity.com/files/160699/GitLab-11.4.7-Remote-Code-Execution.html https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/53242 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. CE/EE, versiones 7.6 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a una vulnerabilidad de tipo XSS en la página de autorización OAuth. • http://www.securityfocus.com/bid/109163 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/42057 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. CE/EE, versiones 8.8 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a una vulnerabilidad de autorización que permite el acceso a la interfaz de usuario web como usuario mediante un Token de Acceso Personal de cualquier ámbito. • http://www.securityfocus.com/bid/109118 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/50319 • CWE-285: Improper Authorization •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue. CE/EE, versiones 10.1 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a un problema de referencia de objeto directo no seguro que permite al usuario realizar comentarios sobre un problema bloqueado. • http://www.securityfocus.com/bid/109121 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/52523 • CWE-639: Authorization Bypass Through User-Controlled Key •